16-31 July 2015 Cyber Attacks Timeline

The dog days are finally here, and the second timeline of July could not miss the appointment (first part here).

The list of the most noticeable breaches of the second half of the month includes the University of California Los Angeles (4.5 million records potentially compromised), Ashley Madison (37 million exposed users who could pay a high price for their extramarital affairs), United Airlines, which fell victim to the same hackers who breached Anthem (and maybe this explains their bug bounty program) and, last but not least, the University of Connecticut School of Engineering.

Canada was still under attack from the hacktivists orbiting around the Anonymous collective in the wake of the controversial C51 bill and the protests following its approval in which an alleged member of the collective was shot dead.

Scroll down the timeline to have a complete view of the threat landscape for July and, as usual, remember to keep the level of attention very high. At the same time, if you want to have an idea of how fragile our electronic identity is inside cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014 and now 2015 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Pharmacy chain CVS takes down its online photo center CVSphoto.com, replacing it with a message warning that customer credit card data may have been compromised. The incident comes just days after the one at Walmart Canada, and is the consequence of the compromise of the third party hosting the website (PNI). Other affected companies include Sam's Club, Walgreens, Rite Aid and Tesco, to name a few.

Hacker collective Rex Mundi claims to have stolen 24,000 financial records from Belgian loan company AFC Kredieten, and threatens to publish every loan applicant record in its possession if the company does not pay a ransom. As proof that they have successfully hacked the company, Rex Mundi publishes some personal accounts and leaves a banner notification on the AFC Kredieten website.

Pakistani President Mamnoon Hussain’s website (presidentofpakistan.gov.pk) is defaced by a group of Bangladeshi hackers called Blacksmith Hacker’s Team. As part of the same operation, 72 other Pakistani government websites are defaced as well.

Members of the Anonymous collective claim to have crashed the Royal Canadian Mounted Police (RCMP) website as part of a battle to retaliate for the murder of a member in a shooting involving the Canadian Police.

Ashley Madison, an online dating website that specifically targets people looking to have an affair, is hacked by a group that calls itself Impact Team. The authors of the attack threaten to release the entire database of 37 million users.

Members of the online activist collective Anonymous take credit for hacking the United States Census Bureau (census.gov) and leaking the details of its 4,200 employees including names, hashed passwords, email, addresses, phone numbers and positions within the US Government. The reason for the cyber-attack is the recent Trans-Pacific Partnership (TPP) and Transatlantic Trade and Investment Partnership (TTIP).

A hacker called DetoxRansome hacks BitDefender and blackmails the company, demanding a ransom of $15,000 and threatening to release the stolen usernames and passwords (allegedly stored in cleartext) if the ransom is not paid.

Hackers from the Anonymous collective say they breached supposedly secure Canadian government computers and accessed high-level, classified national security documents as retaliation for last week’s fatal shooting by the RCMP of a protester in British Columbia. To support their claim, they publish a document that appears to be legitimate Treasury Board of Canada notes on federal cabinet funding to fix flaws in the foreign stations of the Canadian Security Intelligence Service (CSIS).

A group of hackers going by the handle The Exploit3rs defaces the official Moroccan domains of Google, Microsoft and Kaspersky Labs. The attack was possible because the attackers hacked into the Internet country code top-level domain (ccTLD) for Morocco.

A report from Bloomberg reveals that the hackers who stole data on tens of millions of U.S. insurance holders and government employees in recent months breached another big target at around the same time: United Airlines. The attack probably happened in May or early June.

ESET reveals that the Win32/Potao malware family has been used for the past five years in covert targeted attacks against the Ukrainian government, served up by a trojanized Russian version of encryption software TrueCrypt.

Alarm aggregation and dispatching service PagerDuty detects an unauthorized intrusion by an attacker who gained access to customer information, and the company requires that all customers change their passwords.